Archive for November, 2009

How Leadership and Culture shape Risk Management

Management guru and noted author, Charles Handy in his review of the best business books on Leadership for 2009 for the Strategy & Business magazine says the financial crises “did not need to happen. There were warnings enough from observers about troubles ahead but those in power in organizations did not pay heed until it was too late.”

Wisdom gained out of hindsight indicates that many companies did not possess the robust culture and leadership conviction to stay true to their own long term goals. Leaders were swayed by the lure of short term profit taking in what ultimately proved to be an illusionary “pot of gold.”

The CFO of a company recently mentioned that organizational culture in his organization, is viewed as a “soft” issue, one that does not have an immediate tangible impact on his company’s performance.  This view is unfortunate. While quality of leadership and culture does not fit in a neat little box that an auditor or risk manager can check off, its impact on specific areas such as fraud prevention, corporate reputation  as well as the general long term health and success of an organization has been proven during this crises.

Leadership and culture of an organization have always had a profound impact on risk management by:

  • Shaping the behavior of people on a daily basis
  • Informing the decisions made by managers
  • Defining the kind of risks that an organization will accept and the opportunities that it will pursue
  • Determining  if a company is willing to swim against the tide, when everyone else in the industry is out there making outsized profits in what might potentially be an unsustainable  bubble.

Culture in turn is shaped by the attitudes,  experiences and mental models of the top leaders of an organization. Do leaders promote an open culture where information flows freely rather than being hoarded?  Are people in your organization afraid to share bad news in the fear that “the messenger will be shot?” These are essential questions that need to be addessed to determine the cultural health of an organization.

The last couple of years have been especially challenging for companies faced with the worst economic crisis in decades. Organizational culture comes under great pressure during times of intense change including downsizing, M&A, layoffs etc.  A manager  at a company going through severe turmoil and layoffs, recently likened the experience of going to work every day to going into a battlefield. He said “you do  not know whose turn it was to get fired, and everyday could well be your last at the company.” Not managing the crises’ “moments of truth” with sensitivity and honesty can expose organizations to risk of depleted employee morale and weakened corporate performance.

Leaders can shine and guide their organizations effectively even in these trying times, by articulating clearly, respectfully and transparently the need for the  changes and how  the organization plans to emerge stronger as a result. Ultimately the key to building a healthy organization culture rests with the leaders and the tone they set for the company. It is therefore essential for leaders to get personally involved in building an ethical, transparent organization where a free flow of ideas and focus on excellence is a way of life.

November 27, 2009 at 11:19 pm 9 comments

IIA Gain Report on Top Ten Risk Management Imperatives for Internal Audit

The Institute of Internal Auditors (IIA) published a report on the 10 Risk Management Imperatives for Internal Auditing. 

The timely and insightful report based on a recent IIA Global Audit Information Network (GAIN) survey  highlights the  evolving role of the Internal Audit profession in light of heightened expectations of their organizations and their key stakeholders. The IIA GAIN report provides a useful guide to Chief Audit Executives to proactively transform their internal audit functions to meet these expectations and deliver increasing value.

The report emphasizes how today’s business environment is characterized by mounting pressures for stronger, more effective risk management. It also states that there is a sharp focus on risk oversight, considered by many observers to be the top governance issue facing corporate boards in a post-meltdown world since audit committees are pushing for holistic risk management, stepped-up risk mitigation, and enterprise wide risk assessments.

The cornerstone of the increased focus on risk management is the need for rebuilding trust in our corporate society. Since the economic crises, many companies have gone into intense soul-searching mode to identify what went wrong and what they could have done differently and more importantly what they can improve in future. Companies are trying to better balance risks and rewards and taking a hard look at compensation practice and their corporate governance and oversight functions. In addition, Standard & Poor’s assessment of the Enterprise Risk Management function of companies is expected to bring greater  scrutiny on the company’s risk management and oversight functions.

Many internal audit groups are stepping up to the plate and taking on the role of integrating various governance, risk and compliance initiatives including SOX 404, Information Technology, financial reporting and compliance to provide deeper visibility to senior management and the Board on key risk indicators and the organization’s performance metrics in those areas.

It’s important to focus on the key strategic risks that can “put a company out of business” as also reputational risks that can lead to negative public, investor and regulator perceptions. Risk Management groups must look beyond past events as a guide to focus on an aggregated  picture of  “what could go wrong” across the enterprise. Leading companies now use scenario planning and leading indicator analysis to identify potential risks and opportunities and the likelihood and impact of such events on the organization’s business goals.

Studies have shown that companies with robust risk management and governance are perceived as quality organizations and attract greater valuations over the long term than companies that are not so perceived. Therefore effective risk management should permeate the entire organization and involve a collaborative effort with the senior management in a risk management implementation and ownership role, Internal Audit as a value added independent assessment function and the Board in an oversight and monitoring role.

November 4, 2009 at 4:05 pm Leave a comment


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 26 other followers